Re: ColdFusion Report Builder and Cyrillic fonts [spamtrap bayes][spamtrap heur]
On 9/23/2010 6:05 AM, Paul Kukiel wrote: Font is: Helvetica is there arial unicode or something that contains all the glyphs you need? identity-H is selected. ok. Set identity-H and the font as Helvetica And there is nothing in the report where the text should be. ( attached a snip ) no snip was attached but if it's NOT ? then it's the font. try another font. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337351 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
3 layers of validation?
Hi, when at university i read that it is always best to have 3 layers of validation (client,server,database) which i have been doing in my applications. I have now built a few web applications using extjs, which i think has excellent validation features. I am developing a new web application and starting to wonder why all the additional work is needed to put all the same validation into the server and the database when extjs does so well. i understand there must be a lot of security on the server and database, and any variables accepted by the server can have the type attribute set, but is it really necessary to replicate validation on all 3 layers? i have never had the validation on the server or database fire purely because extjs is so good! would appreciate others thoughts on this thanks ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337352 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: 3 layers of validation?
I must admit I have never heard of validation on the database before, and I am not sure how one would actually do that. But yes your concerns about validation when using extJS is a valid argument to not do that. The reason being is that server validation is a must because there was a time when people had browsers that did not support JS, and more recently would turn it off. So if any of those conditions are met then server validation would be a must, but if they are running extJS then the likely hood that JS is not present will be extremely slim. Regards, Andrew Scott http://www.andyscott.id.au/ -Original Message- From: Richard White [mailto:rich...@j7is.co.uk] Sent: Thursday, 23 September 2010 6:27 PM To: cf-talk Subject: 3 layers of validation? Hi, when at university i read that it is always best to have 3 layers of validation (client,server,database) which i have been doing in my applications. I have now built a few web applications using extjs, which i think has excellent validation features. I am developing a new web application and starting to wonder why all the additional work is needed to put all the same validation into the server and the database when extjs does so well. i understand there must be a lot of security on the server and database, and any variables accepted by the server can have the type attribute set, but is it really necessary to replicate validation on all 3 layers? i have never had the validation on the server or database fire purely because extjs is so good! would appreciate others thoughts on this thanks ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337353 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: 3 layers of validation?
If you want to get downright technical about it, the three layers of validation is an excellent requirement. However, in terms of practicality, one can get away with only client/server for most applications. Server is an absolute must, though, as client validations are incredibly simple to bypass. Sent from my iPhone ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337354 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: running requests longer than request timeout
Native threads cannot be killed and will hang about until complete. You can find more info on the from website and list. Russ On 23 Sep 2010 03:28, Richard Steele r...@photoeye.com wrote: On CF8 Enterprise, we have set the request timeout to 30 seconds. However, in Fusion Reactor the request is continuing on way past that time for certain threads. Why is the request timeout not working? Thanks in advance. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337355 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: 3 layers of validation?
The other thing to keep in mind is that u can use the same validation for client and server esp when using ajar as it's presumably all in a cfc The database validation is really well covered by using cfqueryparam and stored pros. Russ On 23 Sep 2010 10:00, Matt Quackenbush quackfu...@gmail.com wrote: If you want to get downright technical about it, the three layers of validation is an excellent requirement. However, in terms of practicality, one can get away with only client/server for most applications. Server is an absolute must, though, as client validations are incredibly simple to bypass. Sent from my iPhone ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337356 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
FW: CFGURU: bounce email extractor
Possibly a bit OTT, but i'm looking for a FREE script or tool, CFML, PHP, Macro, don't care which, that will extract a list of email addresses from bounced emails so I can remove them from my blogs mailing list. I have 200 odd bounces and don't want to process them manually J I found a macro for outlook that was supposed to parse all emails in a folder and extract to excel, sadly that didn't work. I then found a php script that connects to a remote mailbox, that also did not recognise most of the emails as bounces. Everything else I have found is not FREE, and i'd rather write it myself before paying for such a thing, so just asking here before I go ahead and do that. Anyone used anything like this ? -- Russ Michaels http://www.bluethunderinternet.com http://www.bluethunderinternet.com/ : B2B hosting, VPS's, Exchange, CF, Railo www.cfmldeveloper.com : CFML community, FREE ColdFusion/Railo hosting http://www.michaels.me.uk http://www.michaels.me.uk/ : My Blog skype me : russmichaels ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337357 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: 3 layers of validation?
The database validation is really well covered by using cfqueryparam and stored pros. ...PLUS doing a good job of choosing column datatypes (so that the DB will throw an exception if you try to insert one into an int column) and enforcing primary/foreign keys/relationships (so that the DB will throw exceptions for stuff like deleting a row in a lookup table when that row is referred to elsewhere, attempting to insert a duplicate primary key, etc). Good DB-design leads to database-level validation. On Thu, Sep 23, 2010 at 4:46 AM, Russ Michaels r...@michaels.me.uk wrote: The other thing to keep in mind is that u can use the same validation for client and server esp when using ajar as it's presumably all in a cfc The database validation is really well covered by using cfqueryparam and stored pros. Russ On 23 Sep 2010 10:00, Matt Quackenbush quackfu...@gmail.com wrote: If you want to get downright technical about it, the three layers of validation is an excellent requirement. However, in terms of practicality, one can get away with only client/server for most applications. Server is an absolute must, though, as client validations are incredibly simple to bypass. Sent from my iPhone ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337358 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
CFFM and TinyMCE?
Anyone using a recent version of CFFM with TinyMCE 3? Before I spend my time figuring out how to do it, thought I'd ask to see if anyone had already spent that time and might be willing to donate the knowledge to the project =) Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337359 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Boardwalk Empire
hah, oops I meant to send this to cf-community =) On Wed, Sep 22, 2010 at 3:45 PM, Andy Matthews li...@commadelimited.com wrote: NO, but it's done in OT. -Original Message- From: Michael Grant [mailto:mgr...@modus.bz] Sent: Wednesday, September 22, 2010 2:26 PM To: cf-talk Subject: Re: Boardwalk Empire Is it done in CF? On Wed, Sep 22, 2010 at 3:24 PM, Rick Root rick.r...@gmail.com wrote: anyone else watch HBO's new series Boardwalk Empire? I caught the series premier last night, thought it was pretty good. Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337360 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFFM and TinyMCE?
I am. In fact, upgrading from CFFM 1.17 to 1.32 this weekend. What do you want to know? On Thu, Sep 23, 2010 at 6:52 AM, Rick Root rick.r...@gmail.com wrote: Anyone using a recent version of CFFM with TinyMCE 3? Before I spend my time figuring out how to do it, thought I'd ask to see if anyone had already spent that time and might be willing to donate the knowledge to the project =) Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337361 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: 3 layers of validation?
thanks for the replies. just so i understand: lets say the client (extjs) passes over a string to be stored in the database. Extjs has checked that it is a string and a length of 50, and that it doesnt have any speech marks. the server then tries to insert it into the database which has a cfqueryparam that checks it is a string and a max length of 50. do you think this is enough validation, or would you do any further checks? do you think the server should also check there are no speech marks in the text as well? thanks Hi, when at university i read that it is always best to have 3 layers of validation (client,server,database) which i have been doing in my applications. I have now built a few web applications using extjs, which i think has excellent validation features. I am developing a new web application and starting to wonder why all the additional work is needed to put all the same validation into the server and the database when extjs does so well. i understand there must be a lot of security on the server and database, and any variables accepted by the server can have the type attribute set, but is it really necessary to replicate validation on all 3 layers? i have never had the validation on the server or database fire purely because extjs is so good! would appreciate others thoughts on this thanks ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337362 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFFM and TinyMCE?
On 23/09/2010 9:52 PM, Rick Root wrote: Anyone using a recent version of CFFM with TinyMCE 3? Before I spend my time figuring out how to do it, thought I'd ask to see if anyone had already spent that time and might be willing to donate the knowledge to the project =) yes, it was not too hard. I haven't tried the latest cffm version yet but the previous two versions went fine except for the issue with paths and the uploadifyer thingy in the last version. I don't have the code in front of me and its late evening here, I'll send it directly in the morning... -- Yours, Kym Kovan mbcomms.net.au ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337363 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: 3 layers of validation?
You probably don't have to do any more speech mark-checking. Just make sure that the column in the database is varchar(50) or nvarchar(50) and make sure that its NULL-ability is set properly and you're done. On Thu, Sep 23, 2010 at 7:01 AM, Richard White rich...@j7is.co.uk wrote: thanks for the replies. just so i understand: lets say the client (extjs) passes over a string to be stored in the database. Extjs has checked that it is a string and a length of 50, and that it doesnt have any speech marks. the server then tries to insert it into the database which has a cfqueryparam that checks it is a string and a max length of 50. do you think this is enough validation, or would you do any further checks? do you think the server should also check there are no speech marks in the text as well? thanks Hi, when at university i read that it is always best to have 3 layers of validation (client,server,database) which i have been doing in my applications. I have now built a few web applications using extjs, which i think has excellent validation features. I am developing a new web application and starting to wonder why all the additional work is needed to put all the same validation into the server and the database when extjs does so well. i understand there must be a lot of security on the server and database, and any variables accepted by the server can have the type attribute set, but is it really necessary to replicate validation on all 3 layers? i have never had the validation on the server or database fire purely because extjs is so good! would appreciate others thoughts on this thanks ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337364 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFFM and TinyMCE?
Thanks... I don't use TinyMCE and the instructions I wrote for integrating with TinyMCE are probably quite out of date.. I wrote these instructions (bottom of the readme) for TinyMCE 1.45 http://www.opensourcecf.com/cffm/demo/README.TXT ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337365 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFFM and TinyMCE?
Relevant JS looks like this: function cffmCallback(field_name, url, type, win) { // Do custom browser logic url = '#base#cffm.cfm?imagedir=#URLEncodedFormat(imagedir)#editorType=mceEDITOR_RESOURCE_TYPE=' + type; x = 700; // width of window y = 500; // height of window win2 = win; // don't ask, it works. win2 ends up being global to the page, while win is only accessible to the function. cffmWindow = window.open(url,,width=+x+,height=+y+,left=20,top=20,bgcolor=white,resizable,scrollbars,menubar=0); if ( cffmWindow != null ) { // bring the window to the front cffmWindow.focus(); } } tinyMCE.init({ [snip] file_browser_callback : cffmCallback, [snip] }); On Thu, Sep 23, 2010 at 7:12 AM, Kym Kovan dev-li...@mbcomms.net.au wrote: On 23/09/2010 9:52 PM, Rick Root wrote: Anyone using a recent version of CFFM with TinyMCE 3? Before I spend my time figuring out how to do it, thought I'd ask to see if anyone had already spent that time and might be willing to donate the knowledge to the project =) yes, it was not too hard. I haven't tried the latest cffm version yet but the previous two versions went fine except for the issue with paths and the uploadifyer thingy in the last version. I don't have the code in front of me and its late evening here, I'll send it directly in the morning... -- Yours, Kym Kovan mbcomms.net.au ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337366 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: 3 layers of validation?
Database validation probably comes into play in a couple ways. #1 - datatypes and constraints (including things like foreign keys) provide some level of database validation. #2 - if you're using stored procedures to perform actions, stored procedures can sometimes have business logic validation in them as well. Of course we all use database validation like #1. Although I've written a few stored procedures, I've neve really put any validation in them. Server validation protects you against a number of things that client validation absolutely cannot do. - bugs in client side validation - hackers/spambots who aren't using the web client that you built and try to post things directly to your server side scripts, cfcs, etc. Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337367 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: 3 layers of validation?
IMO... - You *always* need server side validation, because as mentioned, client validation may not always run, and also so you can make an API available beyond browser front ends. - If that's true, I prefer to stay DRY and write validation in only one place, so that means on the server not the client. To work with that, you probably want to establish infrastructure and conventions to communicate server-side bus rule failures back to the client for presentation to the user. For example, our ajax layer includes the ability to specify mappings of back-end method arguments to a friendly name you can say to the user (Last name is required, not last_name), and a list of DOM IDs that should get highlighted in the UI if the data for that argument is invalid. Dave On Thu, Sep 23, 2010 at 8:34 AM, Rick Root rick.r...@gmail.com wrote: Database validation probably comes into play in a couple ways. #1 - datatypes and constraints (including things like foreign keys) provide some level of database validation. #2 - if you're using stored procedures to perform actions, stored procedures can sometimes have business logic validation in them as well. Of course we all use database validation like #1. Although I've written a few stored procedures, I've neve really put any validation in them. Server validation protects you against a number of things that client validation absolutely cannot do. - bugs in client side validation - hackers/spambots who aren't using the web client that you built and try to post things directly to your server side scripts, cfcs, etc. Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337368 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: 3 layers of validation?
On Thu, Sep 23, 2010 at 9:31 AM, enigment enigm...@gmail.com wrote: - If that's true, I prefer to stay DRY and write validation in only one place, so that means on the server not the client. To work with http://www.validatethis.org/ Saw a preso on this at CFUnited, looked pretty cool. It generates client and server side validation for you. Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337369 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: 3 layers of validation?
- If that's true, I prefer to stay DRY and write validation in only one place, so that means on the server not the client. I'd strongly disagree with this from a usability standpoint. Forcing a user to hit the server for validation increases user frustration, server load and bandwidth usage. I realize that both server load and bandwidth are becoming less and less of an issue as our tech progresses, but the logic is still sound. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337370 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: 3 layers of validation?
First off, NEVER NEVER NEVER (should I say it again) assume that the data hitting the server or the database is coming from your form page. It is extremely easy for someone to do a view source and find out where the form data posts to. Then they can send all sorts of crap at the server just to see what happens (script kiddies anyone?). Because of that you have to do server side validation. Client side validation is more for the (wait for it) Client, It's much nicer to have the page say sorry you put in bad data please fix it then make them wait for a new page that says please go back and fix your data. Lastly, NEVER assume that your server application (CF, PHP, ASPX) is the only thing that will hit your database. Say someone finds your database and calls a procedure. You would really hate it if they passed in username = 'dummy';drop usertable;-- and your code didn't account for it. Suddenly your usertable is gone. Always check in each place. Think of it like a secure military base. You have to get thorough security at the gate, then you have to go through security at the building, then you have to go through security to get in the room (if what is inside is important enough to protect). At each level the guards are there to make sure that their specific area is protected. You can jump the fence, but it's harder to get in the building. If you find a way into the building, then it's almost impossible to get in the room. If you get in the room, no problem, we will shoot you when you come out! :) No one level of security can assume that the other has done its job. Steve -Original Message- From: Richard White [mailto:rich...@j7is.co.uk] Sent: Thursday, September 23, 2010 8:01 AM To: cf-talk Subject: Re: 3 layers of validation? thanks for the replies. just so i understand: lets say the client (extjs) passes over a string to be stored in the database. Extjs has checked that it is a string and a length of 50, and that it doesnt have any speech marks. the server then tries to insert it into the database which has a cfqueryparam that checks it is a string and a max length of 50. do you think this is enough validation, or would you do any further checks? do you think the server should also check there are no speech marks in the text as well? thanks ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337371 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: 3 layers of validation?
And then of course there is always this: http://xkcd.com/327/ I showed that comic to an intern, years ago, who didn't validate his database inputs and accidentally deleted a whole database because he put code in the wrong place. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337372 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: 3 layers of validation?
Haha, one of my fav xkcd's. Little Bobby Tables. On Thu, Sep 23, 2010 at 9:53 AM, DURETTE, STEVEN J (ATTASIAIT) sd1...@att.com wrote: And then of course there is always this: http://xkcd.com/327/ I showed that comic to an intern, years ago, who didn't validate his database inputs and accidentally deleted a whole database because he put code in the wrong place. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337373 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: 3 layers of validation?
On Thu, Sep 23, 2010 at 9:48 AM, DURETTE, STEVEN J (ATTASIAIT) sd1...@att.com wrote: Lastly, NEVER assume that your server application (CF, PHP, ASPX) is the only thing that will hit your database. Say someone finds your database and calls a procedure. You would really hate it if they passed in username = 'dummy';drop usertable;-- and your code didn't account for it. Suddenly your usertable is gone. Always check in each place. If someone finds your database and executes a stored procedure, you've got *WAY* bigger problems than application coding. Ri ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337374 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: 3 layers of validation?
True, but if they have only gotten access to a login that can only run stored procedures and your stored procedures do the checks you are a little bit better off. The programmer can't assume that the DBA is doing his job with security and the DBA can't assume that the programmer is doing his job with security. If both do their jobs then security should be pretty strong, if not then at least you (programmer or DBA) have done everything they can to cover your own butt. -Original Message- From: Rick Root [mailto:rick.r...@gmail.com] Sent: Thursday, September 23, 2010 10:01 AM To: cf-talk Subject: Re: 3 layers of validation? On Thu, Sep 23, 2010 at 9:48 AM, DURETTE, STEVEN J (ATTASIAIT) sd1...@att.com wrote: Lastly, NEVER assume that your server application (CF, PHP, ASPX) is the only thing that will hit your database. Say someone finds your database and calls a procedure. You would really hate it if they passed in username = 'dummy';drop usertable;-- and your code didn't account for it. Suddenly your usertable is gone. Always check in each place. If someone finds your database and executes a stored procedure, you've got *WAY* bigger problems than application coding. Ri ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337375 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: 3 layers of validation?
If ti's done with AJAX the user will likely not notice the difference. -- WSS4CF - WS-Security framework for CF http://wss4cf.riaforge.org/ On 23 September 2010 21:46, Michael Grant mgr...@modus.bz wrote: - If that's true, I prefer to stay DRY and write validation in only one place, so that means on the server not the client. I'd strongly disagree with this from a usability standpoint. Forcing a user to hit the server for validation increases user frustration, server load and bandwidth usage. I realize that both server load and bandwidth are becoming less and less of an issue as our tech progresses, but the logic is still sound. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337376 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: 3 layers of validation?
On 9/23/2010 7:01 AM, Rick Root wrote: If someone finds your database and executes a stored procedure, you've got *WAY* bigger problems than application coding. Not necessarily. The someone just may be some future developer that has been tasked to do something new with all this great data your application has been collecting for the past years. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337377 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: 3 layers of validation?
Um, ok, but what's your point? If the user is working local on the server they probably won't notice the difference either. On Thu, Sep 23, 2010 at 10:12 AM, James Holmes james.hol...@gmail.comwrote: If ti's done with AJAX the user will likely not notice the difference. -- WSS4CF - WS-Security framework for CF http://wss4cf.riaforge.org/ On 23 September 2010 21:46, Michael Grant mgr...@modus.bz wrote: - If that's true, I prefer to stay DRY and write validation in only one place, so that means on the server not the client. I'd strongly disagree with this from a usability standpoint. Forcing a user to hit the server for validation increases user frustration, server load and bandwidth usage. I realize that both server load and bandwidth are becoming less and less of an issue as our tech progresses, but the logic is still sound. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337378 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: 3 layers of validation?
thanks for the replies. just so i understand: My philosophy is that it simply should not be possible for anyone (user, bot, whatever) to generate a ColdFusion error (which by extension means database errors since they are expressed through the CF error handler). This means very strong server side validation and gracefully handing error conditions back to the user. In some cases, instead of returning an error we just assume reasonable defaults and force the submitted value to either be a valid selection or the default we select. For example, for an e-mail address field we would param the form field, trim it, ensure a value is present, test that value against the isValid() function with the email type to ensure a proper format, then check the length against the database varchar field length. If it's too long we can return an error to the user and ask for a different address (and optionally notify someone that perhaps we should increase the field size). For something like a checkbox with a form value of 1, we might do: cfset form.field = min(abs(val(trim(form.field))), 1) / This forces the value to either be 0 or 1 no matter what was submitted by the user/bot/whatever. We follow that up with a CFQUERYPARAM on the database call with a type of bit, and it will always pass through gracefully (assuming there were no other error conditions). Yes, that's a lot of work to do, but it's not that hard to develop a validation routine to abstract it all away and automate the process (someone mentioned validatethis, which does a great job of this). Once the server-side is locked down you can focus on the client-side validation. This gives you two benefits: 1) The core of your site will function without JavaScript. This is great for that small fraction of paranoid or annoyed users who simply turn it off. 2) More importantly, it will help protect the site against malware attacks, bots, security scanners, and the like, all of which simply ignore your client-side validation and send whatever they want to the server. When your client decides to add e-commerce down the road and you're getting scanned by McAfee or SecurityMetrics on a regular basis you will appreciate all that validation as it will handle all the crap that the scanners throw at the forms without breaking a sweat. Cleaning up database tables after 6,000 junk entries got inserted because you relied on client-side validation (and even so-called database validation as long as the strings weren't too long and the right data types) is really not fun and entirely preventable. -Justin ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337379 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: 3 layers of validation?
You said that server side validation creates user frustration. My point was that this isn't true if the validation is done server side via AJAX, since that provides client-side validation but with a single set of server-side logic. -- WSS4CF - WS-Security framework for CF http://wss4cf.riaforge.org/ On 23 September 2010 22:21, Michael Grant mgr...@modus.bz wrote: Um, ok, but what's your point? If the user is working local on the server they probably won't notice the difference either. On Thu, Sep 23, 2010 at 10:12 AM, James Holmes james.hol...@gmail.comwrote: If ti's done with AJAX the user will likely not notice the difference. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337380 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: 3 layers of validation?
Ideologically, sure. What would your workflow be for this logically though? And how do you mitigate part two and three of my statement? On Thu, Sep 23, 2010 at 10:53 AM, James Holmes james.hol...@gmail.comwrote: You said that server side validation creates user frustration. My point was that this isn't true if the validation is done server side via AJAX, since that provides client-side validation but with a single set of server-side logic. -- WSS4CF - WS-Security framework for CF http://wss4cf.riaforge.org/ On 23 September 2010 22:21, Michael Grant mgr...@modus.bz wrote: Um, ok, but what's your point? If the user is working local on the server they probably won't notice the difference either. On Thu, Sep 23, 2010 at 10:12 AM, James Holmes james.hol...@gmail.com wrote: If ti's done with AJAX the user will likely not notice the difference. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337381 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
cfinsert/cfupdate
I've been trying to convince one of my friends that using cfinsert and cfupdate is a bad idea. I recently told him that real CF programmers don't use cfinsert and cfupdate :) He responded with this: CF8 uses cfqueryparam inside all cfinsert/cfupdate statements, making it just as safe as a regular cfquery, but minus all the clunky code needed to create the query. Actually, scratch that, both queries, since without them you have to maintain both the insert and update statements separately if you add a new form field to a form. cfinsert can do in one line of code what otherwise could be hundreds, not to mention saving you all the ridiculous potential errors from not having commas in the correct place, accidentally using or not using quotes, or mis-matching insert values since the syntax of inserts is different from updates and the two lines you need to add can often be quite far apart. Call me proud to not be a real cf programmer. I just don't know how to respond to this. Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337382 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: cfinsert/cfupdate
Direct him to Microsoft Front Page or Dreamweaver if he feels like giving up all his granular control. For me I like to be able to have as much control over my query statements as possible. It makes it easier to read/understand and to see EXACTLY what is being sent to the db. Sounds to me like your friend is just lazy. On Thu, Sep 23, 2010 at 11:08 AM, Rick Root rick.r...@gmail.com wrote: I've been trying to convince one of my friends that using cfinsert and cfupdate is a bad idea. I recently told him that real CF programmers don't use cfinsert and cfupdate :) He responded with this: CF8 uses cfqueryparam inside all cfinsert/cfupdate statements, making it just as safe as a regular cfquery, but minus all the clunky code needed to create the query. Actually, scratch that, both queries, since without them you have to maintain both the insert and update statements separately if you add a new form field to a form. cfinsert can do in one line of code what otherwise could be hundreds, not to mention saving you all the ridiculous potential errors from not having commas in the correct place, accidentally using or not using quotes, or mis-matching insert values since the syntax of inserts is different from updates and the two lines you need to add can often be quite far apart. Call me proud to not be a real cf programmer. I just don't know how to respond to this. Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337383 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
re: cfinsert/cfupdate
Well, he's completely right, of course. Personally, I really like to have the control over my SQL statements, just like I do over my other code, so I write them out. Allows me to test for NULLs (empty integer fields, for example) or to build computed fields or wrap sequences of queries in cftransaction or whatever. But, that being said, it seems like cfinsert / cfupdate have gotten better since the bad old days where they were truly scary. I don't use the tags personally and I don't plan to, but your friend's arguments seem sound. - Jason Smokey the Bearâs rules for fire safety also apply to government: Keep it small, keep it in a confined area, and keep an eye on it. From: Rick Root rick.r...@gmail.com Sent: Thursday, September 23, 2010 11:09 AM To: cf-talk cf-talk@houseoffusion.com Subject: cfinsert/cfupdate I've been trying to convince one of my friends that using cfinsert and cfupdate is a bad idea. I recently told him that real CF programmers don't use cfinsert and cfupdate :) He responded with this: CF8 uses cfqueryparam inside all cfinsert/cfupdate statements, making it just as safe as a regular cfquery, but minus all the clunky code needed to create the query. Actually, scratch that, both queries, since without them you have to maintain both the insert and update statements separately if you add a new form field to a form. cfinsert can do in one line of code what otherwise could be hundreds, not to mention saving you all the ridiculous potential errors from not having commas in the correct place, accidentally using or not using quotes, or mis-matching insert values since the syntax of inserts is different from updates and the two lines you need to add can often be quite far apart. Call me proud to not be a real cf programmer. I just don't know how to respond to this. Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337384 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: cfinsert/cfupdate
I also used to think that cfinsert and cfupdate were rubbish, then when I actually used them properly one day I came to a similar conclusion as your friend. They certainly can be very handy and time saving tags when working with simple update/insert from forms as they directly convert form field names into column names and do everything for you. Where they obviously fall down is where you need to use conditional logic in your query to determine what values may or may not be used or where you may be using values that didn't come from the form. So I'd say he is right in the broadest sense, and these tags are especially good for newbies and developers who just learn a small set of CFML tags or use the dreamweaver builders and tools to generate code and probably never going to get into OOP or ORM. Regards -- Russ Michaels my blog: http://russ.michaels.me.uk/ skype: russmichaels MSM: r...@michaels.me.uk -Original Message- From: Rick Root [mailto:rick.r...@gmail.com] Sent: 23 September 2010 16:09 To: cf-talk Subject: cfinsert/cfupdate I've been trying to convince one of my friends that using cfinsert and cfupdate is a bad idea. I recently told him that real CF programmers don't use cfinsert and cfupdate :) He responded with this: CF8 uses cfqueryparam inside all cfinsert/cfupdate statements, making it just as safe as a regular cfquery, but minus all the clunky code needed to create the query. Actually, scratch that, both queries, since without them you have to maintain both the insert and update statements separately if you add a new form field to a form. cfinsert can do in one line of code what otherwise could be hundreds, not to mention saving you all the ridiculous potential errors from not having commas in the correct place, accidentally using or not using quotes, or mis-matching insert values since the syntax of inserts is different from updates and the two lines you need to add can often be quite far apart. Call me proud to not be a real cf programmer. I just don't know how to respond to this. Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337385 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: cfinsert/cfupdate
It seems to me that using cfinsert and cfupdate is a security risk. I mean, what if I wrote a script to post the form with additional form fields? I mean, people don't always know your db structure but they can guess at things sometimes. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337386 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: cfinsert/cfupdate
On Thu, Sep 23, 2010 at 11:19 AM, Russ Michaels r...@michaels.me.uk wrote: So I'd say he is right in the broadest sense, and these tags are especially good for newbies and developers who just learn a small set of CFML tags or Sadly, he's a 10 year veteran CF programmer. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337387 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: cfinsert/cfupdate
That applies across the board Rick, to any sql in any code on any site. If you have not taken measures to stop that kind of thing then you are vulnerable regardless. But it is just as easy to put a stop to that if your using cfinsert and cfupdate. You can SCAN the FORM scope and simply remove anything that shouldn't be there or simply do not execute the SQL code if you think the request did not come form the original form. Russ -Original Message- From: Rick Root [mailto:rick.r...@gmail.com] Sent: 23 September 2010 16:21 To: cf-talk Subject: Re: cfinsert/cfupdate It seems to me that using cfinsert and cfupdate is a security risk. I mean, what if I wrote a script to post the form with additional form fields? I mean, people don't always know your db structure but they can guess at things sometimes. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337388 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: cfinsert/cfupdate
How does Coldfusion manufacturer the queryparams? It must inspect the database to determine field types... I wonder if that's a performance hit... I just hate not knowing what the hell its doing. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337389 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: cfinsert/cfupdate
I wasn't saying the tags are no good for veterans, just who they are predominantly aimed at. The average developer I have found quite sucks at SQL and database design. -Original Message- From: Rick Root [mailto:rick.r...@gmail.com] Sent: 23 September 2010 16:24 To: cf-talk Subject: Re: cfinsert/cfupdate On Thu, Sep 23, 2010 at 11:19 AM, Russ Michaels r...@michaels.me.uk wrote: So I'd say he is right in the broadest sense, and these tags are especially good for newbies and developers who just learn a small set of CFML tags or Sadly, he's a 10 year veteran CF programmer. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337390 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: cfinsert/cfupdate
For me I like to be able to have as much control over my query statements as possible. It makes it easier to read/ understand and to see EXACTLY what is being sent to the db. While I generally agree with that sentiment, ORM does the same thing on a more grand scale, and I haven't seen anyone railing against using that technology. Personally it's been many years since I last looked at cfinsert/cfupdate, but if the queries that they generate are 'safe' then it might be worth taking another look at as an option to use where appropriate. -Justin ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337391 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: cfinsert/cfupdate
Well if you turn on full debugging then u can see the sql statements, you could also enable SQL profiling on the sql server to see what was going on if you really wanted to know. Yes it introspects the database to get the metadata it needs, I did do some performance testing once and did not find any significant performance issues. Russ -Original Message- From: Rick Root [mailto:rick.r...@gmail.com] Sent: 23 September 2010 16:25 To: cf-talk Subject: Re: cfinsert/cfupdate How does Coldfusion manufacturer the queryparams? It must inspect the database to determine field types... I wonder if that's a performance hit... I just hate not knowing what the hell its doing. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337392 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: cfinsert/cfupdate
On Thu, Sep 23, 2010 at 11:24 AM, Russ Michaels r...@michaels.me.uk wrote: That applies across the board Rick, to any sql in any code on any site. If No, it certainly doesn't. If you write the SQL, they can't post additional form fields that you're not expecting and have them get into your SQL statement. You can SCAN the FORM scope and simply remove anything that shouldn't be there or simply do not execute the SQL code if you think the request did not come form the original form. Well sure but that kinda defeats the purpose of the simplicity of these tags. Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337393 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: cfinsert/cfupdate
That's a good point I didn't consider that ORM is just doing the same thing. And I bet you are all happily using Transfer and Reactor in the same way. Russ -Original Message- From: Justin Scott [mailto:jscott-li...@gravityfree.com] Sent: 23 September 2010 16:27 To: cf-talk Subject: RE: cfinsert/cfupdate For me I like to be able to have as much control over my query statements as possible. It makes it easier to read/ understand and to see EXACTLY what is being sent to the db. While I generally agree with that sentiment, ORM does the same thing on a more grand scale, and I haven't seen anyone railing against using that technology. Personally it's been many years since I last looked at cfinsert/cfupdate, but if the queries that they generate are 'safe' then it might be worth taking another look at as an option to use where appropriate. -Justin ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337394 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: cfinsert/cfupdate
Rick, Saying those tags are ok to use is not promoting people to write insecure applications and I certainly would not imply that. Protecting your application against SQL/XSS attacks is something you should do regardless, so I would not say it defeats the point at all, otherwise you could say the same about ORM or any other framework because you still have to write code of your own to make it do what you want. These things are there to aid in your development and speed things up, not to be some magic bullet that you can rely on to do everything for you. However in order for that to happen the developer has to actually know what these things are and that he has to protect against them, and the typical newbie is not going to know this, so it is really a moot point. Russ -Original Message- From: Rick Root [mailto:rick.r...@gmail.com] Sent: 23 September 2010 16:28 To: cf-talk Subject: Re: cfinsert/cfupdate On Thu, Sep 23, 2010 at 11:24 AM, Russ Michaels r...@michaels.me.uk wrote: That applies across the board Rick, to any sql in any code on any site. If No, it certainly doesn't. If you write the SQL, they can't post additional form fields that you're not expecting and have them get into your SQL statement. You can SCAN the FORM scope and simply remove anything that shouldn't be there or simply do not execute the SQL code if you think the request did not come form the original form. Well sure but that kinda defeats the purpose of the simplicity of these tags. Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337395 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: 3 layers of validation?
You should be doing client side validation of type checking with javascript not ajax calls to the server. It makes sense to make a call to check the database for duplicates or other non-type-checking validation but for simple checks I can't imagine trying to build a system that calls the server every time an input field changes state. This is much easier to check in javascript due to the universal nature of forms. There are only so many form element types so we can make functions that have universal behaviors to those elements and use custom scripts that can check for other definitions like max length, min length, min of 3 in the collection, etc. You should do strict type checking all the way to your database. Your input field value should be checked in every transfer from one method to the other (e.g., form post javascript method to cfc validation method to cfc object collection to cfc dbproxy method to the database stored procedure, etc). If there is an error, the server should throw an error. The client should be able to handle that error and deliver the message or respond accordingly. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337396 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: cfinsert/cfupdate
Actually, I don't use ORM for much the same reason I don't use cfinsert / cfupdate. I still like to craft my SQL and I often have complex relationships that are easy to write in SQL and a PITA to model in an ORM. - Jason Smokey the Bearâs rules for fire safety also apply to government: Keep it small, keep it in a confined area, and keep an eye on it. From: Russ Michaels r...@michaels.me.uk Sent: Thursday, September 23, 2010 11:30 AM To: cf-talk cf-talk@houseoffusion.com Subject: RE: cfinsert/cfupdate That's a good point I didn't consider that ORM is just doing the same thing. And I bet you are all happily using Transfer and Reactor in the same way. Russ -Original Message- From: Justin Scott [mailto:jscott-li...@gravityfree.com] Sent: 23 September 2010 16:27 To: cf-talk Subject: RE: cfinsert/cfupdate For me I like to be able to have as much control over my query statements as possible. It makes it easier to read/ understand and to see EXACTLY what is being sent to the db. While I generally agree with that sentiment, ORM does the same thing on a more grand scale, and I haven't seen anyone railing against using that technology. Personally it's been many years since I last looked at cfinsert/cfupdate, but if the queries that they generate are 'safe' then it might be worth taking another look at as an option to use where appropriate. -Justin ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337397 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: cfinsert/cfupdate
+1 I feel exactly the same way and still write my SQL statements myself. IMO it's necessary when you start getting into multiple advanced joins, computed columns and inline equations. On Thu, Sep 23, 2010 at 11:38 AM, Jason Fisher ja...@wanax.com wrote: Actually, I don't use ORM for much the same reason I don't use cfinsert / cfupdate. I still like to craft my SQL and I often have complex relationships that are easy to write in SQL and a PITA to model in an ORM. - Jason Smokey the Bears rules for fire safety also apply to government: Keep it small, keep it in a confined area, and keep an eye on it. From: Russ Michaels r...@michaels.me.uk Sent: Thursday, September 23, 2010 11:30 AM To: cf-talk cf-talk@houseoffusion.com Subject: RE: cfinsert/cfupdate That's a good point I didn't consider that ORM is just doing the same thing. And I bet you are all happily using Transfer and Reactor in the same way. Russ -Original Message- From: Justin Scott [mailto:jscott-li...@gravityfree.com] Sent: 23 September 2010 16:27 To: cf-talk Subject: RE: cfinsert/cfupdate For me I like to be able to have as much control over my query statements as possible. It makes it easier to read/ understand and to see EXACTLY what is being sent to the db. While I generally agree with that sentiment, ORM does the same thing on a more grand scale, and I haven't seen anyone railing against using that technology. Personally it's been many years since I last looked at cfinsert/cfupdate, but if the queries that they generate are 'safe' then it might be worth taking another look at as an option to use where appropriate. -Justin ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337398 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: CFGURU: bounce email extractor
I use http://www.boogietools.com/Products/Windows/BoogieBounceAPI/ and it works good.. Brook -Original Message- From: Russ Michaels [mailto:r...@michaels.me.uk] Sent: September-23-10 3:33 AM To: cf-talk Subject: FW: CFGURU: bounce email extractor Possibly a bit OTT, but i'm looking for a FREE script or tool, CFML, PHP, Macro, don't care which, that will extract a list of email addresses from bounced emails so I can remove them from my blogs mailing list. I have 200 odd bounces and don't want to process them manually J I found a macro for outlook that was supposed to parse all emails in a folder and extract to excel, sadly that didn't work. I then found a php script that connects to a remote mailbox, that also did not recognise most of the emails as bounces. Everything else I have found is not FREE, and i'd rather write it myself before paying for such a thing, so just asking here before I go ahead and do that. Anyone used anything like this ? -- Russ Michaels http://www.bluethunderinternet.com http://www.bluethunderinternet.com/ : B2B hosting, VPS's, Exchange, CF, Railo www.cfmldeveloper.com : CFML community, FREE ColdFusion/Railo hosting http://www.michaels.me.uk http://www.michaels.me.uk/ : My Blog skype me : russmichaels ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337399 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: CFGURU: bounce email extractor
Oops, missed the free requirement, sorry.. -Original Message- From: Russ Michaels [mailto:r...@michaels.me.uk] Sent: September-23-10 3:33 AM To: cf-talk Subject: FW: CFGURU: bounce email extractor Possibly a bit OTT, but i'm looking for a FREE script or tool, CFML, PHP, Macro, don't care which, that will extract a list of email addresses from bounced emails so I can remove them from my blogs mailing list. I have 200 odd bounces and don't want to process them manually J I found a macro for outlook that was supposed to parse all emails in a folder and extract to excel, sadly that didn't work. I then found a php script that connects to a remote mailbox, that also did not recognise most of the emails as bounces. Everything else I have found is not FREE, and i'd rather write it myself before paying for such a thing, so just asking here before I go ahead and do that. Anyone used anything like this ? -- Russ Michaels http://www.bluethunderinternet.com http://www.bluethunderinternet.com/ : B2B hosting, VPS's, Exchange, CF, Railo www.cfmldeveloper.com : CFML community, FREE ColdFusion/Railo hosting http://www.michaels.me.uk http://www.michaels.me.uk/ : My Blog skype me : russmichaels ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337400 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFFM and TinyMCE?
Hey John! Thanks! Worked like a charm!!! :) Kelly Relevant JS looks like this: function cffmCallback(field_name, url, type, win) { // Do custom browser logic url = '#base#cffm. cfm?imaged ir=#URLEncodedFormat(imagedir)#editorType=mceEDITOR_RESOURCE_TYPE=' + type; x = 700; // width of window y = 500; // height of window win2 = win; // don't ask, it works. win2 ends up being global to the page, while win is only accessible to the function. cffmWindow = window.open(url,,width=+x+,height=+y+,left=20,top=20, bgcolor=white,resizable,scrollbars,menubar=0); if ( cffmWindow != null ) { // bring the window to the front cffmWindow.focus(); } } tinyMCE.init({ [snip] file_browser_callback : cffmCallback, [snip] }); On Thu, Sep 23, 2010 at 7:12 AM, Kym Kovan dev-li...@mbcomms.net.au wrote: On 23/09/2010 9:52 PM, Rick Root wrote: Anyone using a recent version of CFFM with TinyMCE 3? Before I spend my time figuring out how to do it, thought I'd ask to see if anyone had already spent that time and might be willing to donate the knowledge to the project =) yes, it was not too hard. I haven't tried the latest cffm version yet but the previous two versions went fine except for the issue with paths and the uploadifyer thingy in the last version. I don't have the code in front of me and its late evening here, I'll send it directly in the morning... -- Yours, Kym Kovan mbcomms.net.au ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337401 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: 3 layers of validation?
thanks for all the replies. I like your philosphy justin and like the way you talked about routines and procedures that will eventually become part of the development process and therefore not take up additional time or effort. Thanks again thanks for the replies. just so i understand: My philosophy is that it simply should not be possible for anyone (user, bot, whatever) to generate a ColdFusion error (which by extension means database errors since they are expressed through the CF error handler). This means very strong server side validation and gracefully handing error conditions back to the user. In some cases, instead of returning an error we just assume reasonable defaults and force the submitted value to either be a valid selection or the default we select. For example, for an e-mail address field we would param the form field, trim it, ensure a value is present, test that value against the isValid() function with the email type to ensure a proper format, then check the length against the database varchar field length. If it's too long we can return an error to the user and ask for a different address (and optionally notify someone that perhaps we should increase the field size). For something like a checkbox with a form value of 1, we might do: cfset form.field = min(abs(val(trim(form.field))), 1) / This forces the value to either be 0 or 1 no matter what was submitted by the user/bot/whatever. We follow that up with a CFQUERYPARAM on the database call with a type of bit, and it will always pass through gracefully (assuming there were no other error conditions). Yes, that's a lot of work to do, but it's not that hard to develop a validation routine to abstract it all away and automate the process (someone mentioned validatethis, which does a great job of this). Once the server-side is locked down you can focus on the client-side validation. This gives you two benefits: 1) The core of your site will function without JavaScript. This is great for that small fraction of paranoid or annoyed users who simply turn it off. 2) More importantly, it will help protect the site against malware attacks, bots, security scanners, and the like, all of which simply ignore your client-side validation and send whatever they want to the server. When your client decides to add e-commerce down the road and you're getting scanned by McAfee or SecurityMetrics on a regular basis you will appreciate all that validation as it will handle all the crap that the scanners throw at the forms without breaking a sweat. Cleaning up database tables after 6,000 junk entries got inserted because you relied on client-side validation (and even so-called database validation as long as the strings weren't too long and the right data types) is really not fun and entirely preventable. -Justin ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337402 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: 3 layers of validation?
I must admit I have never heard of validation on the database before, and I am not sure how one would actually do that. Triggers, stored procedures, proper usage of data domains - there are lots of ways to implement validation at the database. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337403 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: cfinsert/cfupdate
No, it certainly doesn't. If you write the SQL, they can't post additional form fields that you're not expecting and have them get into your SQL statement. If I recall correctly, you can limit the form fields used by CFINSERT/CFUPDATE using the FORMFIELDS attribute. So that's not a big deal as long as those fields are explicitly specified. In general, unless you have control over coding standards in your organization, I suspect you're not going to win this battle. Personally, I don't like them and haven't used them outside of a classroom - and even then, that was many years ago - but I don't think there's a significant difference in performance or security. There may be a bit of a performance hit for CF to identify SQL data types, but I can't imagine that's significant. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337404 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: CFGURU: bounce email extractor
I see there is a FREE trial, so I might be able to use it for this onetime issue. -Original Message- From: Brook Davies [mailto:cft...@logiforms.com] Sent: 23 September 2010 16:52 To: cf-talk Subject: RE: CFGURU: bounce email extractor I use http://www.boogietools.com/Products/Windows/BoogieBounceAPI/ and it works good.. Brook -Original Message- From: Russ Michaels [mailto:r...@michaels.me.uk] Sent: September-23-10 3:33 AM To: cf-talk Subject: FW: CFGURU: bounce email extractor Possibly a bit OTT, but i'm looking for a FREE script or tool, CFML, PHP, Macro, don't care which, that will extract a list of email addresses from bounced emails so I can remove them from my blogs mailing list. I have 200 odd bounces and don't want to process them manually J I found a macro for outlook that was supposed to parse all emails in a folder and extract to excel, sadly that didn't work. I then found a php script that connects to a remote mailbox, that also did not recognise most of the emails as bounces. Everything else I have found is not FREE, and i'd rather write it myself before paying for such a thing, so just asking here before I go ahead and do that. Anyone used anything like this ? -- Russ Michaels http://www.bluethunderinternet.com http://www.bluethunderinternet.com/ : B2B hosting, VPS's, Exchange, CF, Railo www.cfmldeveloper.com : CFML community, FREE ColdFusion/Railo hosting http://www.michaels.me.uk http://www.michaels.me.uk/ : My Blog skype me : russmichaels ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337405 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFFM and TinyMCE?
What she said.. thanks John (and all) I copied your code into the inspiring topic on my forums that led me to post this thread to cf-talk :) http://www.opensourcecf.com/forums/messages.cfm?messageid=F6E3048F-8D83-4B7A-839E1E4D6C462DA1 Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337406 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: cfinsert/cfupdate
Some good points were made, on both sides. I am almost thinking about switching sides ... not. But on a more neutral note, there are a few small considerations that might also affect the decision to use one or the other. ie Do you need any of the following functionality 1) Retrieve an identity/autoincrement value from an INSERT 2) Return the number of records affected by an UPDATE 3) (Also, from a recent question on the adobe forums..) Do you need to handle/escape invalid column names? My guess would be these features are not supported with cfinsert/cfupdate. But I do not know for certain. -Leigh ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337407 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: cfinsert/cfupdate
How does Coldfusion manufacturer the queryparams? It must inspect the database to determine field types... I wonder if that's a performance hit... I don't know the deep technical details, but I do know that many people argue that using query params actually gives you a performance benefit over plain SQL (although a lot of people disagree). Regardless of the debate over which method is faster, the way it works is if you query param ALL of your variables (including values in the SQL that don't come from CF), ColdFusion will create what is called a prepared statement (sometimes called a parameterized statement, or bind parameter). From what I understand, the way this works is that ColdFusion compiles your query down to machine code that the DB just executes. If you don't query param every value, the DB has to compile the statement, which includes syntax checking and all that jazz. That said, this does not work if you don't use cfqueryparams for everything. For example, this query would NOT be a prepared statement (from what I understand): cfquery name=bday datasource=#myDSN# select birthDate from familyGroups where child = cfqueryparam value=#form.children# cfsqltype=cf_sql_varchar and stillMinor = 1 /cfquery The reason that it would not be a prepared statement is because of the stillMinor = 1 part. Even though that is a static value that never changes, you still want to cfqueryparam that if you want your sql to be compiled to a prepared statement. Otherwise the DB server will still have to do the work when it receives the SQL query from ColdFusion. At least, that is how I understand things. If anybody sees a flaw in my explanation, feel free to jump in and correct me. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337408 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: cfinsert/cfupdate
On Thu, Sep 23, 2010 at 9:50 AM, Michael Grant wrote: +1 I feel exactly the same way and still write my SQL statements myself. IMO it's necessary when you start getting into multiple advanced joins, computed columns and inline equations. This is actually where ORM shines. You can do *crazy awesome* stuff with Hibernate. You can model your model in a variety of ways, that can make things really easy from a programming perspective. It's like learning a new language tho, and a lot of it can still end up being DB specific, so... eh. I bet very few people are using HBM files, where a lot of the magic happens. :Den -- Through shallow intellect, the mind becomes shallow, and one eats the fly, along with the sweets. Guru Nanak ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337409 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: JRunConfig Errorurl Not Working
Hello, I have another post on this message board that relates to this but I'm creating a separate post because this is really just my attempt at a temporary workaround for that problem and I think they are completely separate issues. I am running ColdFusion 8 with Apache 2.2.3 on Linux. In my Apache configuration file I specified the following in my JRun configuration area: JRunConfig Errorurl http://www.somedomain.com/error.cfm The page is accessible but for some reason when a JRun error occurs I don't get redirected to the proper Errorurl. I looked at the Apache connector source code and found the following comment in the code that handles the redirect: This code seems to work for IIS but not for any of the other web servers. I have tried using domains that exist on the machine itself as well as just trying to set the Errorurl to Google.com. Any insight would be appreciated. Thanks, John Did you ever figure this out? I'm having the same problem where it's not redirecting when JRun is down. Using CF9/Apache2.2.15. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337410 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: FW: CFGURU: bounce email extractor
Russ, I have used Ray Camden's getEmail UDF as part of my process for handling bounces. http://cflib.org/index.cfm?event=page.udfbyidudfid=928 You might also look into Brian Ghidinelli's Email Bounce Detector for finding the bounces: http://bouncedetector.riaforge.org/ Steve Possibly a bit OTT, but i'm looking for a FREE script or tool, CFML, PHP, Macro, don't care which, that will extract a list of email addresses from bounced emails so I can remove them from my blogs mailing list. I have 200 odd bounces and don't want to process them manually J ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337411 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
JRunconfig Errorurl not working
I'm having a hard time getting this redirect to work. I'm running CF9/Apache 2.2.15 and in the JRun Settings for the Apache config I have are: JRunConfig Errorurl http://localhost/serverDown.html However, whenever JRun is down or starting up I still get the default error page. What am I missing?? Thanks. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337412 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RTFs from a Scheduled Task
We're trying with CF9 on Windows Server 2008 to generate RTF files with font information. So far, the approaches we've seen depend on going through a browser to a user's desktop. What we need it to do is be able to generate the RTF file via a scheduled task that will be run every 5 minutes or so onto the server so that it gets put into a print queue. We've tried writing a straight text file with RTF font code but as it gets sent to the print queue the code just comes across as plain text. Is there a way to do make an RTF file without the browser? Thank you. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337413 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Using a CSV as a datasource (CF8)
To get this to work, I had to do something really hokey. I created an Access database, and used a linked table to the actual text file. Works great. And no, I am not proud of this solution... ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337414 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RTF generation by a scheduled task
We're trying with CF9 on Windows Server 2008 to generate RTF files with font information. So far, the approaches we've seen depend on going through a browser to a user's desktop. What we need it to do is be able to generate the RTF file via a scheduled task that will be run every 5 minutes or so onto the server so that it gets put into a print queue. We've tried writing a straight text file with RTF font code but as it gets sent to the print queue the code just comes across as plain text. Is there a way to do make an RTF file without the browser? Thank you. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337415 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: cfinsert/cfupdate
While I generally agree with that sentiment, ORM does the same thing on a more grand scale, and I haven't seen anyone railing against using that technology. While I won't tell ORM fans that they shouldn't use ORM, I have done my fair share of railing against ORM. As others have said in this thread, I don't like losing control over my SQL. I used to think that ORM was just a crutch for people that hate writing SQL (because they never took the time to properly learn SQL). While I still believe that is the case for some ORM users (I won't name names, but I personally know a few developers that would fit this description), I have since come to realize that there are many SQL gurus out there that like to use ORM because of it's convenience, as well as how tightly it can integrate with OO techniques and frameworks. Personally, I am not one of those people, but I won't say that ORM is bad and nobody should use it. To each his own. :) ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337416 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Using CF to manage ads shown on Blogger
Next problem... To make the ad clickable and go to the correct website, I have an a href=link_router.cfm wrapping the image that is retrieved by the ad. The link_router.cfm simply looks for the last ad that was requested (the datetime stamp was updated in the ad table when it was requested). That link would be then initially be that viewer's ad, but only for a short period of time, until the next person to view the blog page requested an ad image (the next one in the queue) and the datetime stamp changes. So, how can I assure that the correct link will be retrieved? Idea When the ad is requested, insert the ad id and the link along with a datetime stamp and the ip address that requested it. I'm not sure how accurate that would be if the user has an AOL browser. Is there a better way? Thanks so much. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337417 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: cfinsert/cfupdate
Some good points were made, on both sides. I am almost thinking about switching sides ... not. The thing is that it's not really about sides it's about using the right tools at the right times. If you have a basic update/insert query that doesn't have any special needs, I suppose using those tags could save some time (esp. if you have a lot of those basic queries to write). For queries that need special care, rolling your own would likely be a better approach. If you're CFC-heavy already then ORM might be a good choice. Being a good programmer shouldn't be about I always write my own SQL it should be about using the most effective tool for the job at hand. One of the things I love about CF is that it gives you these options to choose from. -Justin ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337418 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: RTF generation by a scheduled task
RTF files are plain text, so you can create them pretty easily. If your attempts haven't worked so far, you're doing something wrong. :) Back in the day, I would create an RTF template, and go from there. Try creating an RTF that looks like how you want it, and put placeholders in the spots you want to insert dynamic content. Nowadays, I just use JasperReports, and export in RTF using cfjasperreport (a tag I wrote for generating jasperreport reports from CF). JasperReports is WICKED COOL for doing reports. Beats the pants off of ReportBuilder, etc.. Cross platform y todo. :Den -- A casual stroll through the lunatic asylum shows that faith does not prove anything. Friedrich Nietzsche On Thu, Sep 23, 2010 at 12:52 PM, Thomas Harper wrote: We're trying with CF9 on Windows Server 2008 to generate RTF files with font information. So far, the approaches we've seen depend on going through a browser to a user's desktop. What we need it to do is be able to generate the RTF file via a scheduled task that will be run every 5 minutes or so onto the server so that it gets put into a print queue. We've tried writing a straight text file with RTF font code but as it gets sent to the print queue the code just comes across as plain text. Is there a way to do make an RTF file without the browser? Thank you. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337419 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: running requests longer than request timeout
Native threads cannot be killed and will hang about until complete. You can find more info on the from website and list. Russ On 23 Sep 2010 03:28, Richard Steele r...@photoeye.com wrote: On CF8 Enterprise, we have set the request timeout to 30 seconds. However, in Fusion Reactor the request is continuing on way past that time for certain threads. Why is the request timeout not working? Thanks in advance. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337420 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: running requests longer than request timeout
Is there automated anyway to kill those threads? Thanks in advance. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337421 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: cfinsert/cfupdate
The thing is that it's not really about sides it's about using the right tools at the right times. The remark about sides was intended as sarcasm ;) ie Conversations about cfinsert/cfupdate tend to lean towards the passionate side. I was totally serious when I said some good points were made on both sides. Having said that, personally, I do not use those tags. Nor do I see myself using them in the future. They just do not provide enough flexibility for most (if not all) of my applications. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337422 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Using CF to manage ads shown on Blogger
If you look at how Harlan does it (harlan.riaforge.org), you embed a JS into your site. The JS points to a CFM file. The output of that is JS that writes out the HTML for both the image and link at the same time. On Thu, Sep 23, 2010 at 3:10 PM, Richard Steele r...@photoeye.com wrote: Next problem... To make the ad clickable and go to the correct website, I have an a href=link_router.cfm wrapping the image that is retrieved by the ad. The link_router.cfm simply looks for the last ad that was requested (the datetime stamp was updated in the ad table when it was requested). That link would be then initially be that viewer's ad, but only for a short period of time, until the next person to view the blog page requested an ad image (the next one in the queue) and the datetime stamp changes. So, how can I assure that the correct link will be retrieved? Idea When the ad is requested, insert the ad id and the link along with a datetime stamp and the ip address that requested it. I'm not sure how accurate that would be if the user has an AOL browser. Is there a better way? Thanks so much. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337423 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: running requests longer than request timeout
nope, even FR cannot kill them automatically, you have to force thread death. On Thu, Sep 23, 2010 at 9:37 PM, Richard Steele r...@photoeye.com wrote: Is there automated anyway to kill those threads? Thanks in advance. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337424 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Using CF to manage ads shown on Blogger
If you look at how Harlan does it (harlan.riaforge.org), you embed a JS into your site. The JS points to a CFM file. The output of that is JS that writes out the HTML for both the image and link at the same time. On Thu, Sep 23, 2010 at 3:10 PM, Richard Steele r...@photoeye.com wrote: Awesome! Thanks Ray. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337425 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
coldfusion 8 split word in array of letters
Hey all, In CF9, this splits a word into an array of letters: cfset myArr = listToArray(myWord, ) / However, unless I'm crazy, this doesn't work in CF8. Can anyone tell me how to easily split a word into an array of letters in CF8? Thanks for any insight, Brian ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337426 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
IIS7 404 handler/URL Rewrite...
Any ideas on using IIS7's requite with a dynamic CF page? We have a 404 handler that has been handling this...basically the user friendly url comes in, the 404 handler looks up the name in the db and returns an ID in a url that the site understands and forwards to that page...or redirects to an actual 404 error page. For some reason, IIS7 doesn't seem to like this...it returns a 404.0 not found error(404, 404.2 and 404.3 are defined). So I came up with the idea of taking advantage of IIS7's rewrite. This seems to use the web.config file. Is there a way to dynamically do this with data from the DB? Thanks! Eric BTW...Thanks Ben Nadel, Ray Camden, and Leigh for your either direct or indirect assistance with the dynamic image writing! ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337427 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: coldfusion 8 split word in array of letters
Ah, I had forgotten that cf strings are java string objects under the hood. Calling myString.split() splits each letter of the word into an array. I noticed that this does, however, insert an empty element into the first position in the array, which was undesirable. To address this, I found a post by Brian Rinaldi which mentioned a udf on cflib.org called arrayCompact (link below) which removed the unwanted empty element in the array. Anyway, thanks, I just wanted to post this reply for future reference in case anyone else has this problem. Best, Brian http://www.cflib.org/index.cfm?event=page.udfbyidudfid=1564 ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337428 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: coldfusion 8 split word in array of letters
You could also just loop from one to the length of the string. Then use mid() to populate an array. Not as elegant as split(), but it is documented ;) Ah, I had forgotten that cf strings are java string objects under the hood. Calling myString.split() splits each letter of the word into an array. Just be aware the result of split() is not technically a CF array. So it may not behave the way you might expect with some array functions. But since you passing the result into arrayCompact, which does return a CF array, that is not an issue here. -Leigh ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337429 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: coldfusion 8 split word in array of letters
Hey Leigh, it's very interesting that you mention that about the Java array. In fact, because it was a Java array, I was using the techniques outlines by the ever helpful Ben Nadel in this post (link below) to convert it back to a CF array. After your comments however, I took the conversion piece of code out and just sent the Java array into the arrayCompact function and things still work ok, with a CF array being returned from the function. This surprises me to a certain extent as the arrayCompact function is indeed calling a few CF specific functions on the passed in array, which I would have expected to blow up without the conversion prior to passing the array in. I guess it's simply the case that some CF functions are supported on Java arrays (arrayToList for example) while others are not (arrayAppend as an example). Anyway, things are working now and I do appreciate you taking the time to comment. Best, Brian http://www.bennadel.com/blog/760-Converting-A-Java-Array-To-A-ColdFusion-Array.htm ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337430 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: coldfusion 8 split word in array of letters
I guess it's simply the case that some CF functions are supported on Java arrays (arrayToList for example) while others are not (arrayAppend as an example). Exactly. The ones that will fail are probably all ones that modify arrays. As mentioned in Ben's entry, the java arrays are immutable. So any attempt to change them causes an exception. Great entry though (not at all surprising ;) Anyway, it is always good to be aware of the nuances. Cheers Leigh ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337431 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
WSDL / XML / String help
Hi folks - Hopefully somebody can point me in the right direction. ;-) I am trying to use this WSDL/web service: (the following has been edited for security) ;-) cfinvoke webservice=myURL/my_api.cfc?wsdl method=GetUserProfile returnvariable=temp1 cfinvokeargument name=wsID value=1 cfinvokeargument name=customerid value=1 cfinvokeargument name=userid value=1 /cfinvoke And when I do this: cfdump var=#temp1# I get this: ?xml version=1.0 encoding=utf-8? soap:Envelope xmlns:soap=http://schemas.xmlsoap.org/soap/envelope/; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns:xsd=http://www.w3.org/2001/XMLSchema; soap:Body GetUserProfileResponse xmlns=http://tempuri.org/; GetUserProfileResult user UserID1/UserID firstNameA/firstName lastNameA/lastName emaila...@blah.com/email /user /GetUserProfileResult /GetUserProfileResponse /soap:Body /soap:Envelope When it gets returned to me, it's a string. Any attempts to loop over it like an array gives me errors messages. When I just output it, I just get the info found in the user section. Is there a process, method, or something that allows me to pull apart that text, and grab the pieces I need out of it? Is there anyway to say cfset fn = temp1.GetUserProfileResult.user.firstname When I try that it fails. Anybody have any suggestions? Thanks, Doug ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337432 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: WSDL / XML / String help
Use xmlParse() to convert the string to an xml document. The results will be under envelope.body cfset resultXML = xmlParse(temp1) cfset baseXML = resultXML.Envelope.body cfoutput #baseXML.GetUserProfileResponse.GetUserProfileResult.user.firstname.xmlText# /cfoutput ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337433 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: WSDL / XML / String help
Use xmlParse() to convert the string to an xml document. The results will be under envelope.body cfset resultXML = xmlParse(temp1) cfset baseXML = resultXML.Envelope.body cfoutput #baseXML.GetUserProfileResponse.GetUserProfileResult.user.firstname. xmlText# /cfoutput Hi Leigh - Thanks for your suggestion, but that's what I thought also. Since the info that I get back into temp1 is a string, most if not all XML functions don't work. I cut and pasted your text and got this: An error occured while Parsing an XML document. The processing instruction target matching [xX][mM][lL] is not allowed. Thanks, Doug ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337434 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: coldfusion 8 split word in array of letters
OT: Or slightly anyway. How do you alter an array in Java? I'm completely unfamiliar with Java so maybe that's a dumb question. And I know I could Google it but I'll probably spend two hours reading and not get as concise an answer as I'd get here in a few sentences. On Thu, Sep 23, 2010 at 8:22 PM, Leigh cfsearch...@yahoo.com wrote: I guess it's simply the case that some CF functions are supported on Java arrays (arrayToList for example) while others are not (arrayAppend as an example). Exactly. The ones that will fail are probably all ones that modify arrays. As mentioned in Ben's entry, the java arrays are immutable. So any attempt to change them causes an exception. Great entry though (not at all surprising ;) Anyway, it is always good to be aware of the nuances. Cheers Leigh ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337435 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: WSDL / XML / String help
Make sure you trim() the string first. Excess white space often makes xmlParse() choke. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337436 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: coldfusion 8 split word in array of letters
OT: Or slightly anyway. How do you alter an array in Java? I'm completely unfamiliar with Java so maybe that's a dumb question. And I know I could Google it but I'll probably spend two hours reading and not get as concise an answer as I'd get here in a few sentences. Java arrays are a little different than CF arrays. You have to declare a java array's size up front. Once declared, the array is immutable. So unlike in CF, you cannot append elements or remove them. You can only change the values of existing elements. So it is not really what we think of as an array in CF terms. When you think CF array, think java List. ie A modifiable collection of elements. Because that is essentially what it is internally: a java.util.List ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337437 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: coldfusion 8 split word in array of letters
Phenomenal answer. Thanks! So would a Java dev just declare a new array one index larger than the old one when adding items? Or would one not use arrays for the same purposes in Java? I promise I don't intend on tricking you into teaching me Java through an OT cf-talk thread. On Thu, Sep 23, 2010 at 9:06 PM, Leigh cfsearch...@yahoo.com wrote: OT: Or slightly anyway. How do you alter an array in Java? I'm completely unfamiliar with Java so maybe that's a dumb question. And I know I could Google it but I'll probably spend two hours reading and not get as concise an answer as I'd get here in a few sentences. Java arrays are a little different than CF arrays. You have to declare a java array's size up front. Once declared, the array is immutable. So unlike in CF, you cannot append elements or remove them. You can only change the values of existing elements. So it is not really what we think of as an array in CF terms. When you think CF array, think java List. ie A modifiable collection of elements. Because that is essentially what it is internally: a java.util.List ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337438 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: cfinsert/cfupdate
On Thu, Sep 23, 2010 at 3:02 PM, Jacob Munson yacoub...@gmail.com wrote: That said, this does not work if you don't use cfqueryparams for everything. For example, this query would NOT be a prepared statement (from what I understand): cfquery name=bday datasource=#myDSN# select birthDate from familyGroups where child = cfqueryparam value=#form.children# cfsqltype=cf_sql_varchar and stillMinor = 1 /cfquery Actually that is most definatley NOT true. If you run the same query again with a different value for #form.children#, it will use the prepared statement ... but if you were to run it with a different value for stillMinor, it would create a NEW prepared statement. So if you're always running the query with stillMinor=1 then you don't need to put the 1 in a cfqueryparam, you still get all the benefits of the behind the scenes stuff that CF does. BTW if you ever really want to see what coldfusion is sending to the database, and you're using SQL Server, turn on SQL Profiler. It's some crazy shit ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337439 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: coldfusion 8 split word in array of letters
So would a Java dev just declare a new array one index larger than the old one when adding items? Or would one not use arrays for the same purposes in Java? Yes, they tend to be used differently. If you expect to be adding or removing elements frequently, you probably would not use a java array at all. But would select an object like a List, that is designed to change size. There are no absolutes, but typically if you would select an array for something in CF .. in java you would use a List instead. (Because that is what CF arrays really are anyway .. ;-) ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337440 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: coldfusion 8 split word in array of letters
Cfset mySTring = This is fun cfset myArray = mySTring.split('') cfloop from=1 to=#ArrayLen(myArray)# step=1 index=x cfoutputPosition #x# = #myArray[x]#br//cfoutput /cfloop Yes, it's THAT easy. If you run the code above you'll see this: Position 1 = Position 2 = T Position 3 = h Position 4 = i Position 5 = s Position 6 = Position 7 = i Position 8 = s Position 9 = Position 10 = f Position 11 = u Position 12 = n Note that the first element is an empty string. Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337441 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: coldfusion 8 split word in array of letters
The following is less code but would it execute slower because of the mid? I can't test right now. cfset myString = This is funner / cfloop from=1 to=#len(myString)# index=x cfoutputPosition #x# = #mid(myString,x,1)#br//cfoutput /cfloop On Thu, Sep 23, 2010 at 9:28 PM, Rick Root rick.r...@gmail.com wrote: Cfset mySTring = This is fun cfset myArray = mySTring.split('') cfloop from=1 to=#ArrayLen(myArray)# step=1 index=x cfoutputPosition #x# = #myArray[x]#br//cfoutput /cfloop Yes, it's THAT easy. If you run the code above you'll see this: Position 1 = Position 2 = T Position 3 = h Position 4 = i Position 5 = s Position 6 = Position 7 = i Position 8 = s Position 9 = Position 10 = f Position 11 = u Position 12 = n Note that the first element is an empty string. Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337442 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: coldfusion 8 split word in array of letters
This isn't the point though. He wants to convert a string to an array of letters. =) The output is just an example. Rick On Thu, Sep 23, 2010 at 9:33 PM, Michael Grant mgr...@modus.bz wrote: The following is less code but would it execute slower because of the mid? I can't test right now. cfset myString = This is funner / cfloop from=1 to=#len(myString)# index=x cfoutputPosition #x# = #mid(myString,x,1)#br//cfoutput /cfloop On Thu, Sep 23, 2010 at 9:28 PM, Rick Root rick.r...@gmail.com wrote: Cfset mySTring = This is fun cfset myArray = mySTring.split('') cfloop from=1 to=#ArrayLen(myArray)# step=1 index=x cfoutputPosition #x# = #myArray[x]#br//cfoutput /cfloop Yes, it's THAT easy. If you run the code above you'll see this: Position 1 = Position 2 = T Position 3 = h Position 4 = i Position 5 = s Position 6 = Position 7 = i Position 8 = s Position 9 = Position 10 = f Position 11 = u Position 12 = n Note that the first element is an empty string. Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337443 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: coldfusion 8 split word in array of letters
Oh and Leigh is correct, you can't manipulate the resulting Array from calling the .split() method on a string.. ie, neither of these work: cfset ArrayAppend(myArray,Y) cfset myArray.push(' ') The latter doesn't work because apparently, java arrays have no push method :) Apparently, that's the perl programmer in me. Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337444 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: running requests longer than request timeout
On Thu, Sep 23, 2010 at 5:28 PM, Russ Michaels r...@michaels.me.uk wrote: nope, even FR cannot kill them automatically, you have to force thread death. and in Fusion Reactor Enterprise, that's often not an option and it pretty much never works - because Fusion Reactor is java, and java cannot kill native OS threads. What's a native thread, you ask? Anything communicating with a socket (like database I/O) .. file I/O maybe? Even sending data to the client or receiving data from the client. Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337445 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: coldfusion 8 split word in array of letters
Personally, I would not worry about speed prematurely. Not unless you have a very large string. So for normal stuff, I would probably use that approach (ie MID combined with ArrayAppend). ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337446 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: coldfusion 8 split word in array of letters
typically if you would select an array for something in CF .. in java you would use a List instead. That statement is probably a little too broad. What I meant was, for CF tasks requiring resizable arrays .. you would probably use a List type object in java. -Leigh ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337447 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: RTF generation by a scheduled task
I recently had to write a script to generate RTF documents from data in a database. Creating the template was an interesting experience because the RTF format seems to do all kinds of wacky stuff if you erase stuff, cut, paste, etc. Two things I found. Making your RTF template with MS Word, not with Wordpad, and #2 - don't make any mistakes creating your template. Don't erase anything. Just type. What i ended up doing was making my rtf template by opening a document and typing in stuff like VARIABLE001 VARIABLE002 VARIABLE003, and then just doind a find/replace on the document to replace the placeholders with my data. I had initiall tried pasting in VARIABLEXXX then going through and changing the XXX to the numbers, only to find that for some reason when I was done, VARIABLE001 didn't appear in the RTF source as I would expect. Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337448 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: RTF generation by a scheduled task
+1 (or -1 however you look at it.) RTF is a total PITA when making edits. Tedious is an understatement. Rick is right, do it right the first time. It will save you many, many headaches. G! On Thu, Sep 23, 2010 at 9:45 PM, Rick Root rick.r...@gmail.com wrote: I recently had to write a script to generate RTF documents from data in a database. Creating the template was an interesting experience because the RTF format seems to do all kinds of wacky stuff if you erase stuff, cut, paste, etc. Two things I found. Making your RTF template with MS Word, not with Wordpad, and #2 - don't make any mistakes creating your template. Don't erase anything. Just type. What i ended up doing was making my rtf template by opening a document and typing in stuff like VARIABLE001 VARIABLE002 VARIABLE003, and then just doind a find/replace on the document to replace the placeholders with my data. I had initiall tried pasting in VARIABLEXXX then going through and changing the XXX to the numbers, only to find that for some reason when I was done, VARIABLE001 didn't appear in the RTF source as I would expect. Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337449 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
CF Flash Problem
Anyone know how to get timeline information from a cfpresentation? I need to be able to get where a user stopped at if he/she logs out of the application or if the session ends so they don't have to start the entire presentation over if or when they log back in. Any assistance would be great. I can be reached at: john.euba...@dev-solutions.biz. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337450 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm